OLD | NEW |
| (Empty) |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "sandbox/win/src/window.h" | |
6 | |
7 #include <aclapi.h> | |
8 | |
9 #include "base/logging.h" | |
10 #include "base/memory/scoped_ptr.h" | |
11 #include "sandbox/win/src/acl.h" | |
12 #include "sandbox/win/src/sid.h" | |
13 | |
14 namespace { | |
15 | |
16 // Gets the security attributes of a window object referenced by |handle|. The | |
17 // lpSecurityDescriptor member of the SECURITY_ATTRIBUTES parameter returned | |
18 // must be freed using LocalFree by the caller. | |
19 bool GetSecurityAttributes(HANDLE handle, SECURITY_ATTRIBUTES* attributes) { | |
20 attributes->bInheritHandle = FALSE; | |
21 attributes->nLength = sizeof(SECURITY_ATTRIBUTES); | |
22 | |
23 PACL dacl = NULL; | |
24 DWORD result = ::GetSecurityInfo(handle, SE_WINDOW_OBJECT, | |
25 DACL_SECURITY_INFORMATION, NULL, NULL, &dacl, | |
26 NULL, &attributes->lpSecurityDescriptor); | |
27 if (ERROR_SUCCESS == result) | |
28 return true; | |
29 | |
30 return false; | |
31 } | |
32 | |
33 } | |
34 | |
35 namespace sandbox { | |
36 | |
37 ResultCode CreateAltWindowStation(HWINSTA* winsta) { | |
38 // Get the security attributes from the current window station; we will | |
39 // use this as the base security attributes for the new window station. | |
40 SECURITY_ATTRIBUTES attributes = {0}; | |
41 if (!GetSecurityAttributes(::GetProcessWindowStation(), &attributes)) { | |
42 return SBOX_ERROR_CANNOT_CREATE_WINSTATION; | |
43 } | |
44 | |
45 // Create the window station using NULL for the name to ask the os to | |
46 // generate it. | |
47 *winsta = ::CreateWindowStationW( | |
48 NULL, 0, GENERIC_READ | WINSTA_CREATEDESKTOP, &attributes); | |
49 LocalFree(attributes.lpSecurityDescriptor); | |
50 | |
51 if (*winsta) | |
52 return SBOX_ALL_OK; | |
53 | |
54 return SBOX_ERROR_CANNOT_CREATE_WINSTATION; | |
55 } | |
56 | |
57 ResultCode CreateAltDesktop(HWINSTA winsta, HDESK* desktop) { | |
58 base::string16 desktop_name = L"sbox_alternate_desktop_"; | |
59 | |
60 // Append the current PID to the desktop name. | |
61 wchar_t buffer[16]; | |
62 _snwprintf_s(buffer, sizeof(buffer) / sizeof(wchar_t), L"0x%X", | |
63 ::GetCurrentProcessId()); | |
64 desktop_name += buffer; | |
65 | |
66 // Get the security attributes from the current desktop, we will use this as | |
67 // the base security attributes for the new desktop. | |
68 SECURITY_ATTRIBUTES attributes = {0}; | |
69 if (!GetSecurityAttributes(GetThreadDesktop(GetCurrentThreadId()), | |
70 &attributes)) { | |
71 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; | |
72 } | |
73 | |
74 // Back up the current window station, in case we need to switch it. | |
75 HWINSTA current_winsta = ::GetProcessWindowStation(); | |
76 | |
77 if (winsta) { | |
78 // We need to switch to the alternate window station before creating the | |
79 // desktop. | |
80 if (!::SetProcessWindowStation(winsta)) { | |
81 ::LocalFree(attributes.lpSecurityDescriptor); | |
82 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; | |
83 } | |
84 } | |
85 | |
86 // Create the destkop. | |
87 *desktop = ::CreateDesktop(desktop_name.c_str(), | |
88 NULL, | |
89 NULL, | |
90 0, | |
91 DESKTOP_CREATEWINDOW | DESKTOP_READOBJECTS | | |
92 READ_CONTROL | WRITE_DAC | WRITE_OWNER, | |
93 &attributes); | |
94 ::LocalFree(attributes.lpSecurityDescriptor); | |
95 | |
96 if (winsta) { | |
97 // Revert to the right window station. | |
98 if (!::SetProcessWindowStation(current_winsta)) { | |
99 return SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION; | |
100 } | |
101 } | |
102 | |
103 if (*desktop) { | |
104 // Replace the DACL on the new Desktop with a reduced privilege version. | |
105 // We can soft fail on this for now, as it's just an extra mitigation. | |
106 static const ACCESS_MASK kDesktopDenyMask = WRITE_DAC | WRITE_OWNER | | |
107 DELETE | | |
108 DESKTOP_CREATEMENU | | |
109 DESKTOP_CREATEWINDOW | | |
110 DESKTOP_HOOKCONTROL | | |
111 DESKTOP_JOURNALPLAYBACK | | |
112 DESKTOP_JOURNALRECORD | | |
113 DESKTOP_SWITCHDESKTOP; | |
114 AddKnownSidToObject(*desktop, SE_WINDOW_OBJECT, Sid(WinRestrictedCodeSid), | |
115 DENY_ACCESS, kDesktopDenyMask); | |
116 return SBOX_ALL_OK; | |
117 } | |
118 | |
119 return SBOX_ERROR_CANNOT_CREATE_DESKTOP; | |
120 } | |
121 | |
122 base::string16 GetWindowObjectName(HANDLE handle) { | |
123 // Get the size of the name. | |
124 DWORD size = 0; | |
125 ::GetUserObjectInformation(handle, UOI_NAME, NULL, 0, &size); | |
126 | |
127 if (!size) { | |
128 NOTREACHED(); | |
129 return base::string16(); | |
130 } | |
131 | |
132 // Create the buffer that will hold the name. | |
133 scoped_ptr<wchar_t[]> name_buffer(new wchar_t[size]); | |
134 | |
135 // Query the name of the object. | |
136 if (!::GetUserObjectInformation(handle, UOI_NAME, name_buffer.get(), size, | |
137 &size)) { | |
138 NOTREACHED(); | |
139 return base::string16(); | |
140 } | |
141 | |
142 return base::string16(name_buffer.get()); | |
143 } | |
144 | |
145 base::string16 GetFullDesktopName(HWINSTA winsta, HDESK desktop) { | |
146 if (!desktop) { | |
147 NOTREACHED(); | |
148 return base::string16(); | |
149 } | |
150 | |
151 base::string16 name; | |
152 if (winsta) { | |
153 name = GetWindowObjectName(winsta); | |
154 name += L'\\'; | |
155 } | |
156 | |
157 name += GetWindowObjectName(desktop); | |
158 return name; | |
159 } | |
160 | |
161 } // namespace sandbox | |
OLD | NEW |